Name: ADSPY/SmartShoper
Date discovered: 15/10/2009
Type: Security Privacy Risk
In the wild: Yes
Reported infections: Low to medium
Distribution potential: Low
Damage potential: Low to medium
Static file: Yes
File size: 1.185.056 Bytes
MD5 checksum: f937c3907123ac59d333fbdc799fb5cf
IVDF version: 7.01.06.114 - Thursday, October 15, 2009

 General

Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Downloads a file
   • Creates a file
   • Registry modification

 Files

The following file is deleted:
   • %HOME%\Application Data\ShoppingReport\tmp.html



The following file is created:

%HOME%\Application Data\ShoppingReport\tmp.html



It tries to download the following file:

The URLs are the following:
   • http://partners.ShopperReports.com/partners/**********?RegisterInstallationFromInstaller&group=&iid=&cid=&uid=&UniqueCID=&bar_ver=&installation_date=&BANNER_ID&partner=&REQUESTOR_ID&Affiliate_Id&install_status=%number%&last_stage=%number%&ie_user_agent&os_ver=&ie_ver=&def_br_ver=
   • http://partners.ShopperReports.com/partners/**********?RegisterUnInstallationFromInstaller&partner=&group=&UID=&bar_ver=&CID&IID=&BANNER_ID&REQUESTOR_ID&COUNTRY&SG&USER_CREATE_DATE=&Affiliate_Id&ie_user_agent&os_ver=&ie_ver=&def_br_ver=

 Registry

The following registry keys are added:

[HKLM\SOFTWARE\Classes\CLSID\
   {C9CCBB35-D123-4A31-AFFC-9B2933132116}]
   • "@"="IEButton"

[HKLM\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\
   VersionIndependentProgID]
   • "@"="ShoppingReport.IEButton"

[HKLM\SOFTWARE\Classes\TypeLib\
   {E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\HELPDIR]
   • "@"="%directory in which the malware was executed%"

[HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1\CLSID]
   • "@"="{100EB1FD-D03E-47FD-81F3-EE91287F9465}"

[HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\
   VersionIndependentProgID]
   • "@"="ShoppingReport.HbInfoBand"

[HKLM\SOFTWARE\Classes\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\
   TypeLib]
   • "@"="{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}"

[HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA\CurVer]
   • "@"="ShoppingReport.IEButtonA.1"

[HKLM\SOFTWARE\Classes\TypeLib\
   {CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\FLAGS]
   • "@"="0"

[HKLM\SOFTWARE\Classes\ShoppingReport.IEButton.1]
   • "@"="IEButton"

[HKLM\SOFTWARE\Classes\CLSID\
   {A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}]
   • "@"="ShoppingReport Price Comparison"

[HKLM\SOFTWARE\Classes\Interface\
   {8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid]
   • "@"="{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Classes\Interface\
   {D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\ProxyStubClsid32]
   • "@"="{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Classes\Interface\
   {D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\ProxyStubClsid]
   • "@"="{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Classes\TypeLib\
   {D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0]
   • "@"="PSClient 1.0 Type Library"

[HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA.1]
   • "@"="IEButtonA"

[HKLM\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\
   ToolboxBitmap32]
   • "@"="%executed file%, 102"

[HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
   {A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}]
   • "@"="ShoppingReport Price Comparison"
   • "BarSize"=""

[HKLM\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\
   ProgID]
   • "@"="ShoppingReport.IEButtonA.1"

[HKLM\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\
   TypeLib]
   • "@"="{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}"

[HKLM\SOFTWARE\Classes\Interface\
   {D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}]
   • "@"="IHbAx"

[HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA.1\CLSID]
   • "@"="{A16AD1E9-F69A-45AF-9462-B1C286708842}"

[HKLM\SOFTWARE\Classes\TypeLib\
   {CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\HELPDIR]
   • "@"="%directory in which the malware was executed%"

[HKLM\SOFTWARE\Classes\ShoppingReport.HbAx\CLSID]
   • "@"="{20EA9658-6BC3-4599-A87D-6371FE9295FC}"

[HKLM\SOFTWARE\Classes\Interface\
   {8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\TypeLib]
   • "@"="{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}"
   • "Version"="1.0"

[HKLM\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\
   ProgID]
   • "@"="ShoppingReport.IEButton.1"

[HKLM\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\
   ProgID]
   • "@"="ShoppingReport.HbAx.1"

[HKLM\SOFTWARE\Classes\ShoppingReport.IEButton\CurVer]
   • "@"="ShoppingReport.IEButton.1"

[HKLM\SOFTWARE\Classes\TypeLib\
   {E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0]
   • "@"="Smrt_Shpr 1.0 Type Library"

[HKLM\SOFTWARE\Classes\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\
   InprocServer32]
   • "@"="%executed file%"
   • "ThreadingModel"=""

[HKLM\SOFTWARE\Classes\Interface\
   {AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid32]
   • "@"="{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Classes\ShoppingReport.HbAx]
   • "@"="HbAx"

[HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CLSID]
   • "@"="{100EB1FD-D03E-47FD-81F3-EE91287F9465}"

[HKLM\SOFTWARE\Classes\TypeLib\
   {D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\FLAGS]
   • "@"="0"

[HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA]
   • "@"="IEButtonA"

[HKLM\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\
   Version]
   • "@"="1.0"

[HKLM\SOFTWARE\Classes\CLSID\
   {A16AD1E9-F69A-45AF-9462-B1C286708842}]
   • "@"="IEButtonA"

[HKLM\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\
   TypeLib]
   • "@"="{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}"

[HKLM\SOFTWARE\Classes\Interface\
   {D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\TypeLib]
   • "@"="{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}"
   • "Version"="1.0"

[HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\
   InprocServer32]
   • "@"="%executed file%"
   • "ThreadingModel"=""

[HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl\CurVer]
   • "@"="ShoppingReport.RprtCtrl.1"

[HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CLSID]
   • "@"="{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}"

[HKLM\SOFTWARE\Classes\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\
   VersionIndependentProgID]
   • "@"="ShoppingReport.RprtCtrl"

[HKLM\SOFTWARE\Classes\TypeLib\
   {E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\0\win32]
   • "@"="%executed file%"

[HKLM\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\
   TypeLib]
   • "@"="{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}"

[HKLM\SOFTWARE\Classes\Interface\
   {AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib]
   • "@"="{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}"
   • "Version"="1.0"

[HKLM\SOFTWARE\Classes\TypeLib\
   {CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0\0\win32]
   • "@"="%executed file%"

[HKLM\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\
   InprocServer32]
   • "@"="%executed file%"
   • "ThreadingModel"=""

[HKLM\SOFTWARE\Classes\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\
   ProgID]
   • "@"="ShoppingReport.RprtCtrl.1"

[HKLM\SOFTWARE\Classes\ShoppingReport.IEButton\CLSID]
   • "@"="{C9CCBB35-D123-4A31-AFFC-9B2933132116}"

[HKLM\SOFTWARE\Classes\TypeLib\
   {CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}\1.0]
   • "@"="HbExternalLib"

[HKLM\SOFTWARE\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}\
   InprocServer32]
   • "@"="%executed file%"
   • "ThreadingModel"=""

[HKLM\SOFTWARE\Classes\ShoppingReport.HbAx.1]
   • "@"="HbAx"

[HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand\CurVer]
   • "@"="ShoppingReport.HbInfoBand.1"

[HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1]
   • "@"="ShoppingReport Price Comparison"

[HKLM\SOFTWARE\Classes\ShoppingReport.HbAx.1\CLSID]
   • "@"="{20EA9658-6BC3-4599-A87D-6371FE9295FC}"

[HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\
   ProgID]
   • "@"="ShoppingReport.HbInfoBand.1"

[HKLM\SOFTWARE\Classes\Interface\
   {8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}]
   • "@"="ILeftPane"

[HKLM\SOFTWARE\Classes\ShoppingReport.HbAx\CurVer]
   • "@"="ShoppingReport.HbAx.1"

[HKLM\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\
   InprocServer32]
   • "@"="%executed file%"
   • "ThreadingModel"=""

[HKLM\SOFTWARE\Classes\CLSID\
   {20EA9658-6BC3-4599-A87D-6371FE9295FC}]
   • "@"="HbAx"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
   Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
   • "@"="ShoppingReport"

[HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand.1\CLSID]
   • "@"="{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}"

[HKLM\SOFTWARE\Classes\ShoppingReport.IEButton]
   • "@"="IEButton"

[HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\
   TypeLib]
   • "@"="{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}"

[HKLM\SOFTWARE\Classes\TypeLib\
   {E343EDFC-1E6C-4CB5-AA29-E9C922641C80}\1.0\FLAGS]
   • "@"="0"

[HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl]
   • "@"="ShoppingReport"

[HKLM\SOFTWARE\Classes\Interface\
   {AEBF09E2-0C15-43C8-99BF-928C645D98A0}]
   • "@"="IBrowserAdapter"

[HKLM\SOFTWARE\Classes\TypeLib\
   {D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\0\win32]
   • "@"="%executed file%"

[HKLM\SOFTWARE\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}\
   VersionIndependentProgID]
   • "@"="ShoppingReport.IEButtonA"

[HKLM\SOFTWARE\Classes\ShoppingReport.HbInfoBand]
   • "@"="ShoppingReport Price Comparison"

[HKLM\SOFTWARE\Classes\TypeLib\
   {D136987F-E1C4-4CCC-A220-893DF03EC5DF}\1.0\HELPDIR]
   • "@"="%directory in which the malware was executed%"

[HKLM\SOFTWARE\Classes\CLSID\
   {100EB1FD-D03E-47FD-81F3-EE91287F9465}]
   • "@"="ShoppingReport"

[HKLM\SOFTWARE\Classes\Interface\
   {AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid]
   • "@"="{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}\
   VersionIndependentProgID]
   • "@"="ShoppingReport.HbAx"

[HKLM\SOFTWARE\Classes\ShoppingReport.RprtCtrl.1]
   • "@"="ShoppingReport"

[HKLM\SOFTWARE\Classes\Interface\
   {8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid32]
   • "@"="{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Classes\ShoppingReport.IEButton.1\CLSID]
   • "@"="{C9CCBB35-D123-4A31-AFFC-9B2933132116}"

[HKLM\SOFTWARE\Classes\ShoppingReport.IEButtonA\CLSID]
   • "@"="{A16AD1E9-F69A-45AF-9462-B1C286708842}"



The following registry keys are changed:

[HKLM\SOFTWARE\ShoppingReport]
   New value:
   • "ie_user_agent"=""

[HKCU\Software\ShoppingReport]
   New value:
   • "InstallCreateDate"=""
   • "UID"=""
   • "UserCreateDate"=""
   • "cookies_flag"=dword:0x00000001
   • "ie_user_agent"=""
   • "iid"=""

The description was created by Petre Galan on Tuesday, April 6, 2010
The description was updated by Andrei Ivanes on Tuesday, April 6, 2010
